Lead Configuration Management Engineer (9-12 yrs)

Configuration Management Lead Engineer (Cyber Security)

Job Location : Pune

Experience : 9-12 Years

Job Role :

The Configuration Management Lead Engineer is responsible for managing the identification, assessment, reporting, and mitigation of on prem and cloud misconfigurations and vulnerabilities. Focus will be on- prem and cloud Configuration assessment, reporting and governance including engagement with stakeholders across our Infrastructure and Application teams, third parties, and other internal departments and organizations to govern remediation of misconfigurations. This role will also be a technical lead responsible for guiding more Jr. engineers.

Required Certifications :

Certified Information Systems Security Professional (CISSP), or Certified Information Security Manage (CISM), Certificate of Cloud Security Knowledge (CCSK), Offensive Security Certified Professional (OSCP) or other equivalent recognized security certifications. Cloud certifications like AZ-500 Azure Security Engineer a plus.

Required Skills :

- Excellent communication skills: able to explain complex concepts clearly to both technical and non technical stakeholders.

- Understanding of risk assessment methodologies.

- Exposure or knowledge of cloud architectures, services, and vulnerabilities.

- Strong interpersonal skills: ability to work collaboratively within a team and manage group sessions.

- Reporting and metrics expertise with platforms such as ServiceNow (SecOps), PowerBI, etc.

- Evaluate and establish information security requirements by researching industry standards, conducting system security and vulnerability and configuration analyses, performing risk assessments, and analyzing architecture and platform configurations.

- Take leading role in establishment and operationalization of an On-prem config Mgmt governance program

- Provide vulnerability and misconfiguration remediation governance and operational support.

- Proficient in various configuration and vulnerability assessment tools such as Qualys, Armis, Microsoft Defender for Endpoint/Cloud, Wix, Prisma Cloud or similar CSPM security tools, Microsoft Defender for Cloud and Endpoints other identified infrastructure tools is desirable.

- 9+15 years of combined IT and security work experience with a broad range of exposure to cybersecurity, systems analysis, application development and/or systems administration and 5+ years of vulnerability or configuration management experience.

- Good understanding of industry standard regulations and risk management frameworks and standards (e.g., ISO, PCI, NIST, COBIT, GAPP, HIPAA, CIS, HI-TRUST, GDPR).

- Familiarity with SANS Top 25 controls, OWASP Top 10 and/or MITRE ATT&CK framework